Kasperagent Malware falsifies Palestine-Themed decoy files to launches a new campaign – Penetration Testing

According to foreign media reported on June 18, security researchers were tracking hacker organizations APT-C-23 with Two-Tailed Scorpion after finding a new cyber espionage campaign involving falsifying the Palestinian top secret file spread Kasperagent malware.

The survey shows that hackers have been attacked by the use of Windows malware “Kasperagent” and “Micropsia” and Andrews “SecureUpdate” and “Vamp” for Palestinian elections, and the United States, Israel, Egypt and othercountries have been affected.

In April and May this year, security experts at ThreatConnect, a threat intelligence agency, found dozens of malicious Kasperagent samples in the falsification of the Palestinian Middle East Agency, which embeds malware into legitimate documents and publishes public news on many news sites and social On the media. In addition, the attacker in order to induce the victim to open the document, but also the use of politically sensitive content (such as: dark – kill Hamas military commander Ma Zan Foka and other important leaders to ban the Palestinian political parties in the Gaza area ) False information to induce the victim to open the file, thus automatically downloading the malware Kasperagent.

Analysis shows that attackers can also use the malicious software Kasperagent as a reconnaissance tool and downloader. Security experts also detect some additional features from recent malware samples, such as stealing user passwords from the browser, intercepting screen information, and recording keystrokes. Early Malware Kasperagent variants use “Chrome” as a user agent, but recently switched to “Opaera” – probably due to spelling “Opera” browser errors.

The survey showed that the initiation of cyber espionage coincided with the growing tension in the political situation in Gaza. ThreatConnect observes that hackers have recently used malware hosted on IP addresses 195 [.]154 [.]110 [.]237. The address is associated with four domain names, two of which are registered with the web developer of the Gaza area. Researchers are not yet aware of the real intentions of attackers, but they speculate that cyber espionage is likely to target Hamas, Israel or Fatah, and that the Palestinian region has also become the main target of hacker organizations.

Reference: securityaffairs

The post Kasperagent Malware falsifies Palestine-Themed decoy files to launches a new campaign appeared first on Penetration Testing.


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair /  Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair /  Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair /  Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair /  Alterar )


Conectando a %s